The impression that there’s no common ground between IT companies and law-enforcement authorities on the issue of encryption is a “caricature”, GCHQ director Robert Hannigan told the Massachusetts Institute of Technology (MIT), emphasising that cooperation between the two sides is in reality “routine”.
In a talk before about 150 people at MIT’s Internet Policy Research Initiative, Hannigan, making only his second appearance at a public forum since he took the role in 2014, argued it’s inevitable that IT companies will continue to aid governments to find ways around security barriers such as encryption.
Read More: GCHQ – We Failed On Cybersecurity despite £1bn spend
“I am not in favor of banning encryption, nor am I asking for mandatory backdoors,” he said, according to MIT Technology Review.
Cases such as the current stand-off between Apple and the FBI, in which the US Department of Justice (DOJ) is asking Apple to weaken the password protection on an iPhone belonging to a suspect in the December San Bernardino, California shootings, show that investigators can be provided with tools that have an effective, but limited scope, Hannigan argued.
“Not everything is a back door, still less a door which can be exploited outside a legal framework.”
He asserted that it’s likely investigators will always be able to find ways into protected devices and communications, even without access to a “master key”, simply by exploiting weaknesses that already exist in such systems.
Such weaknesses will always exist, in part because they’re necessary to make those systems usable, Hannigan said.
“I’m not sure it is certain that [companies] will construct systems that make [access] impossible,” he is quoted as saying. “Not least because then their own users will find it difficult” to use the devices.
Hannigan made it clear that in spite of appearances, IT companies frequently aided law enforcement officials to access data held on mobile devices before device security policies were tightened two years ago, and they continue to do so now.
“The perception that there is nothing but conflict between governments and the tech industry is a caricature,” he said. “In reality, companies are routinely providing help within the law and I want to acknowledge that today.”
Hannigan claimed investigators are by and large targeting only the “abuse of encryption” by criminals and extremists: “It should be possible for technical experts to sit down together and work out solutions. Sometimes there will be nothing we can do and we will have to accept that. But those surely should be the exceptions.”
Apple is currently resisting efforts by the FBI to force its cooperation in the San Bernardino case, and the tangle between the two has helped give the encryption issue a high profile.
The 2012 disclosure of mass surveillance and data-gathering practices by the US’ NSA drew public attention to the privacy issues around digital communications, leading many IT companies to introduce additional layers of security.
The controversial draft Investigatory Powers bill includes provisions on encryption that would oblige companies to assist investigators in the removal of encryption that they themselves have put into place.
Are you a security pro? Try our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…